RFR: 8275534: com.sun.net.httpserver.BasicAuthenticator should check whether "realm" is a quoted string
Julia Boes
jboes at openjdk.java.net
Tue Oct 26 13:02:37 UTC 2021
This change ensures that the realm string passed to the BasicAuthenticator constructor is a quoted-string, as per RFC7230 [1]. A Utils class is added to jdk.httpserver/sun.net.httpserver that holds the new isQuotedString() method and the pre-existing isValidName() method (previously in ServerImpl.)
Two tests are included:
- BasicAuthenticatorRealm.java to check that Latin-1 chars in the realm string are transported correctly,
- BasicAuthenticatorExceptionCheck.java to check realm strings with escaped quotes.
Testing: tier 1-3.
[1] https://datatracker.ietf.org/doc/html/rfc7230
-------------
Commit messages:
- initial commit
Changes: https://git.openjdk.java.net/jdk/pull/6117/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=6117&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8275534
Stats: 338 lines in 6 files changed: 304 ins; 22 del; 12 mod
Patch: https://git.openjdk.java.net/jdk/pull/6117.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/6117/head:pull/6117
PR: https://git.openjdk.java.net/jdk/pull/6117
More information about the net-dev
mailing list